Searching content associated with multiple applications

ABSTRACT

Disclosed are examples that relate to searching for content associated with applications. In various examples, a system can include a computing device and a search interface component executable by the computing device. The search interface component can cause the computing device to obtain a search query from a search component and search for application content associated with the search query. The application content can be associated with respective sandboxes. The search interface component can also cause the computing device to provide search results to the search component.

CROSS-REFERENCE TO RELATED APPLICATIONS

Benefit is claimed under 35 U.S.C. 119(a)-(d) to Foreign applicationSerial No. 2937/CHE/2015 filed in India entitled “SEARCHING CONTENTASSOCIATED WITH MULTIPLE APPLICATIONS”, on Jun. 11, 2015, by AIRWATCHLLC, and Foreign application Serial No. 3284/CHE/2015 filed in Indiaentitled “SEARCHING CONTENT ASSOCIATED WITH MULTIPLE APPLICATIONS”, onJun. 29, 2015, by AIRWATCH LLC, which is herein incorporated in itsentirety by reference for all purposes

BACKGROUND

Users of computing devices often use applications to process and storedata files that can include various types of content. For example, auser can use a word processing application to create, edit, and storeword processing documents. When the user wants to view or edit thecontent in the word processing document, the user can operate the wordprocessing application to open the file and render the content.

Over time, a user can store a large quantity of files. Eventually, itcan become difficult for the user to locate a particular file due to thelarge quantity of files that a user can accumulate. In addition, it iscommon for multiple users to store files in the same storage system sothat each user has access to all of the files in the storage system.However, the number of files stored by the multiple users can make itdifficult for one user to find and access a particular file.

Search engines can facilitate a user finding files that match searchqueries. However, search engines often do not have the ability to searchfor content that is restricted from access for various reasons.

BRIEF DESCRIPTION OF THE DRAWINGS

Many aspects of the present disclosure can be better understood withreference to the following drawings. The components in the drawings arenot necessarily to scale, with emphasis instead being placed uponclearly illustrating the principles of the disclosure. Moreover, in thedrawings, like reference numerals designate corresponding partsthroughout the several views.

FIG. 1 is a drawing of an example of a networked environment.

FIG. 2 is a flowchart illustrating an example of functionalityimplemented by a search component in a client device.

FIGS. 3A-3B and 4A-4B are flowcharts illustrating examples offunctionality implemented by a search interface component in a clientdevice.

DETAILED DESCRIPTION

The present disclosure relates to searching for content for which accesscan be restricted. In some examples, multiple applications can beinstalled in a client device, and application content can be stored inthe client device. The client device can isolate application content sothat a particular application can only access its respective applicationcontent. In other words, the client device can implement sandboxes,which can isolate application data and code execution from otherapplications.

A search component and a search interface component can be installed inthe client device. The search component may not have permission tocommunicate with the applications, but the search interface componentcan communicate with the applications. When a user provides the searchcomponent with a search query, the search component can transfer thesearch query to the search interface component. Then, the searchinterface component can communicate with the applications to perform asearch and obtain search results that correspond to the search query.

In the following discussion, examples of systems and their componentsare described, followed by examples of the operation of those systems.

With reference to FIG. 1, shown is an example of a networked environment100. The networked environment 100 can include an enterprise computingenvironment 103 and a client device 106 in data communication through anetwork 109. The network 109 can include the Internet, one or moreintranets, extranets, wide area networks (WANs), local area networks(LANs), wired networks, wireless networks, or any combination of two ormore such networks. The network 109 can include satellite networks,cable networks, Ethernet networks, and telephony networks.

The enterprise computing environment 103 can be a computing environmentoperated by one or more enterprises, such as businesses or otherorganizations. The enterprise computing environment 103 can include acomputing device, such as a server computer, that provides computingcapabilities. Alternatively, the enterprise computing environment 103can include multiple computing devices arranged in one or more serverbanks or computer banks. For examples in which the enterprise computingenvironment 103 includes multiple computing devices, the computingdevices can be located in a single installation, or the computingdevices can be distributed among multiple different geographicallocations.

In some examples, the enterprise computing environment 103 can includecomputing devices that together form a hosted computing resource or agrid computing resource. In other examples, the enterprise computingenvironment 103 can operate as an elastic computing resource for whichthe allotted capacity of computing-related resources, such as processingresources, network resources, and storage resources, can vary over time.In other examples, the enterprise computing environment 103 can includeor be operated as one or more virtualized computer instances that can beexecuted in order to perform the functionality that is described herein.

The enterprise computing environment 103 can include various systems.For example, the enterprise computing environment 103 can include amanagement service 113 that can monitor and manage the operation ofclient devices 106 associated with the enterprise that operates theenterprise computing environment 103. In some examples, the managementservice 113 can manage and oversee the operation of multiple clientdevices 106 enrolled in a mobile device management service that isprovided by the management service 113. The management service 113 canalso provide the client devices 106 with access to email, calendar data,contact information, and other resources associated with the enterprise.

The management service 113 can assign various compliance rules torespective client devices 106. The compliance rules can specify, forexample, one or more conditions that must be satisfied for a respectiveclient device 106 to be deemed compliant with the compliance rule. Inone example, a compliance rule can specify that particular applicationsare prohibited from being installed in a client device 106. In anotherexample, a compliance rule can specify that a lock screen is required tobe generated when the client device 106 is “awoken” from a low power“sleep” state and that a passcode is required for a user to unlock thelock screen. Some compliance rules can be based on time, geographicallocation, or network properties. For instance, a compliance rule can besatisfied when a client device 106 is located within a particulargeographic location.

A compliance rule in another example can be satisfied when the clientdevice 106 is in communication with a particular network 109, such as aparticular local area network that is managed by the enterprisecomputing environment 103. Furthermore, a compliance rule in anotherexample can be satisfied upon the time and date matching specifiedvalues.

Another example of a compliance rule involves whether a user belongs toa particular group of authorized users. A compliance rule can include awhitelist or a blacklist that specifies whether particular users orgroups of users are authorized users. In various examples, theenterprise computing environment 103, the client device 106, or acombination of both the enterprise computing environment 103 and theclient device 106 can determine whether a client device 106 satisfies acompliance rule.

In some examples, an enterprise can operate the management service 113to ensure that the client devices 106 of its users satisfy variouscompliance rules. By ensuring that the client devices 106 of its usersare operating in compliance with the compliance rules, the enterprisecan control access to resources to thereby improve the security ofdevices associated with the enterprise and the users of the clientdevices 106.

The client device 106 is representative of multiple client devices 106that can be coupled to the network 109. The client device 106 caninclude a processor-based computer system, such as a desktop computer, alaptop computer, a personal digital assistant, a mobile phone, or atablet computer. The client device 106 can include output devices, suchas a display and audio speakers, as well as one or more input devices,such as a mouse, keyboard, touch pad, or touch screen, which canfacilitate a user interacting with and controlling the client device106. In addition, the client device 106 can include a client data store115, which can store data associated with the client device 106.

The client device 106 can include a first application 116 a, a secondapplication 116 b a third application 116 c, a search component 119, anda search interface component 123. The first application 116 a, thesecond application 116 b, and the third application 116 c, referred tocollectively as the applications 116, can include sets of computerprograms that can perform various functionality. As one example, thefirst application 116 a can include a word processing application, thesecond application 116 b can include a media player that can rendermultimedia, and the third application 116 c can include an email clientthat can send and receive email messages. The applications 116 can bedeveloped and provided by the enterprise that operates the enterprisecomputing environment 103. In addition, the applications 116 can besecured applications. In this regard, enterprise security libraries canbe included in the applications 116, and the management service 113 canmonitor and control the applications 116.

The applications 116 can be associated with first application content126 a, second application content 126 b, and third application content126 c, respectively, that is stored in the client data store 115. Theapplication content 126 can include files and other types of data thatthe corresponding applications 116 can access and process. The firstapplication 116 a can access and process the first application content126 a, the second application 116 b can access and process the secondapplication content 126 b, and the third application 116 c can accessand process the third application content 126 c.

As will be described in further detail below, the search component 119can communicate with the search interface component 123 and cause thesearch interface component 123 to perform content searches. The searchcomponent 119 can also generate one or more user interfaces that canfacilitate user interactions. A user interface can include an inputregion that can facilitate a user inputting search queries. In someexamples, the search component 119 can be an application installed inthe client device 106. In alternative examples, the search component 119can be a component of an application, such as an application widget,that is installed in the client device 106. In other examples, thesearch component 119 can be a plugin, such as a third-party plugin, foran application.

In some examples, the search component 119 can be a managed component.In this regard, the search component 119 can incorporate securitylibraries to enable the search component 119 to provide managementcapabilities required by the management service 113. The managementcapabilities can include configuration, authentication, connectivity,data loss prevention, and auditing capabilities, which can enhance thesecurity of the search component 119. In addition, when the searchcomponent 119 is a managed component, the search component 119 caninclude a communication key that can be used during communication withthe search interface component 123, as will be described in furtherdetail below.

In one approach, the search component 119 can be a managed componentthrough usage of a software development kit (SDK) distributed by, forexample, the enterprise that operates the enterprise computingenvironment 103. The SDK can provide the developer of the searchcomponent 119 with a development environment that facilitatesintegrating security libraries and a communication key into the searchcomponent 119. Using the SDK, the developer can modify the source codeof the search component 119 to include the security libraries providedby the SDK. After the source code has been modified to include thesecurity libraries, the source code can be compiled, and that the searchcomponent 119 can be deemed a managed component by the managementservice 113.

In another approach, the search component 119 can be a managed componentthrough a process known as “wrapping.” To wrap the search component 119,an application wrapper in the management service 113 can decompilecompiled code for the search component 119. The application wrapper canthen integrate security libraries and a communication key with thedecompiled code. Then, the application wrapper can compile the modifiedcode. Thus, through the process of wrapping, the search component 119can be deemed a managed component by the management service 113.

The search interface component 123 can receive and process searchrequests submitted from the search component 119, as will be describedin further detail below. In some examples, the search interfacecomponent 123 can include an application installed in the client device106. In addition, in some examples, the search interface component 123can operate as a background process. In this regard, the searchinterface component 123 can operate without presenting user interfacesfor display to the user of the client device 106.

The client device 106 can also include an operating system that cancreate sandboxes 129 a-129 c, referred to collectively as sandboxes 129,for the respective applications 116. The sandboxes 129 can be regardedas being virtual containers for the respective applications 116. Thesandboxes 129 can isolate resources, such as code and the applicationcontent 126, for the respective applications 116. For example, thesandbox 129 a can isolate the first application content 126 a so thatonly the first application 116 a can retrieve the first applicationcontent 126 a from the client data store 115. In other words, the firstapplication 116 a can access the first application content 126 a fromthe client data store 115, but the search component 119, the searchinterface component 123, the second application 116 b, and the thirdapplication 116 c cannot retrieve the first application content 126 afrom the client data store 115.

The operating system can also restrict the transfer of at least sometypes of data between components in the client device 106 based onvarious protection models. In some examples, the operating system canenforce a signature-based protection model as wells as apermissions-based protection model. If a component is protected usingthe signature-based protection model, the operating system can allow thecomponent to transfer data to only other components that are signed withthe same certificate key. Thus, if a component subject to thesignature-based protection model is signed with a certificate key thatdiffers from another component, the operating system of the clientdevice 106 can prohibit the component from sharing at least some datawith the other component. In some examples, the search interfacecomponent 123 and the applications 116 are signed with the samecertificate key, but the search component 119 is not signed with thatcertificate key. Additionally, the operating system can enforce asignature-based protection model for the applications 116. Accordingly,the operating system can allow the applications 116 to transfer theapplication content 126 to the search interface component 123, but theoperating system can prevent the applications 116 from transferring theapplication 116 to the search component 119.

If a component is protected using the permissions-based protectionmodel, the operating system can allow the component to transfer data toonly other components that have the same permissions as those assignedto the component. A permission for a component can specify, for example,whether a component is permitted to access a global positioning system(GPS). Another example of a permission can specify whether the componentis permitted access a particular storage location. If a componentsubject to the permissions-based protection model has permissions thatdiffer from another component, the operating system of the client device106 can prohibit the component from sharing at least some data with theother component. In some examples, the operating system can enforce apermissions-based security model for the search interface component 123,and the search component 119 and the search interface component 123 canhave the same permissions. Accordingly, the operating system can allowthe search interface component 123 to transfer data to the searchcomponent 119.

Next, examples of the operation of the networked environment 100 aredescribed. To begin, the search component 119, the search interfacecomponent 123, and the applications 116 can be installed in the clientdevice 106. When the applications 116 are installed in the client device106, the applications 116 can report to the search interface component123 to notify the search interface component 123 that the applications116 are present in the client device 106. Additionally, when anapplication 116 is being uninstalled from the client device 106, theapplication 116 can report to the search interface component 123, tonotify the search interface component 123 that the application 116 isbeing removed from the client device 106. In this way, the searchinterface component 123 can determine which applications 116 the searchinterface component 123 can query during a search or indexing operation.

As the client device 106 operates, the applications 116 can storevarious application content 126 in the client data store 115. Forexample, the first application 116 a can include first applicationcontent 126 a that includes word processing documents, the secondapplication 116 b can store second application content 126 b thatincludes multimedia files, and the third application 116 c can storethird application content 126 c that includes email messages. Theapplication content 126 can be stored in the client data store 115 andisolated by virtue of the sandboxes 129 that are established by theoperating system.

Next, examples of a search being performed in the client device 106 aredescribed. A user can operate the search component 119 to perform asearch. For example, the user can input a search query into a userinterface generated by the search component 119. The search query caninclude a text string. For instance, the user can input the text stringof “accounting records” to search for information corresponding toaccounting records that are associated with the applications 116.

Upon receiving the user's search query, the search component 119 canprovide the search query to the search interface component 123. In someexamples, the search interface component 123 can be protected using apermissions-based protection model. As such, the operating system of theclient device 106 can allow the search interface component 123 tocommunicate and share data with the search component 119 only if thesearch component 119 and search interface component 123 share the samepermissions.

In some examples, the application content 126 can include restrictedcontent, such as enterprise content, that the management service 113 andthe client device 106 monitors and prevents from unauthorized access. Assuch, the search interface component 123 can determine whether thesearch interface component 123 is authorized to perform searches for thesearch component 119. To determine whether the search interfacecomponent 123 is authorized to perform a search on behalf of the searchcomponent 119, the search component 119 can provide a key to the searchinterface component 123. In some examples, the key can be seeded withthe search component 119 when the search component 119 is developed intoa managed component using, for example an SDK or wrapping processing asdescribed above. When the search interface component 123 receives asearch query from the search component 119, the search interfacecomponent 123 can determine whether the search interface component 123also received an authentic key. To determine whether the key isauthentic, the search interface component 119 can compare the key to apredefined value that is indicative of an authentic key. If the keymatches the predefined value, the search interface component 119 candetermine that the key is authentic. In alternative examples, the searchinterface component 119 can communicate with the management system 113and request the management system 119 to provide the search interfacecomponent 123 with a notification of whether the received key isauthentic.

After the search interface component 123 has received the search queryfrom the search component 119, and after the search interface component123 has authenticated the key, the search interface component 123 cansearch for application content 126 that corresponds to the receivedsearch query. The search interface component 123 can perform the searchin various ways, as will now be described.

In one approach, the search interface component 123 can perform thesearch by requesting the respective applications 116 to search forapplication content 126 that corresponds to the search query. In otherwords, the search interface component 123 can submit a first request tothe first application 116 a, a second request to the second application116 b, and a third request to the third application 116 c. The requestscan query the applications 116 to provide search results that representthe application content 126 that corresponds to the search request. Forexample, the first application content 126 can respond with a list ofword processing documents that include text that matches the searchquery, the second application 116 b can respond with a list ofmultimedia files having metadata that matches the search query, and thethird application 16 c can respond with a list of email messages thatinclude text that correspond to the search query. The applications 116can perform search algorithms that return search results based on thesearch query, including terms that are related to the search query, suchas synonyms.

In another approach, the search interface component 123 can perform thesearch by searching a search index that is accessible to the searchinterface component 123. The search index can represent terms as wellsas references to the application content 126 that correspond to therespective terms. For example, a search index can include the term“handbook” and identify the instances of application content 126 thatcorrespond to the term “handbook.” Thus, when the search interfacecomponent 123 receives a search query from the search component 119, thesearch interface component 123 can search the search index to generatecorresponding search results.

The search index can be generated in various ways. In some examples, thesearch interface component 123 can periodically crawl the applicationcontent 126 stored in the client data store 115 to update the searchindex with information collected during the crawl. In other examples,the search interface component 123 can generate and update the searchindex based on search results provided by the applications 116 inresponse to other searches. For example, when the applications 116provide search results to the search interface component 123, the searchinterface component 123 can store information from the search results inthe search index. Thus, the search interface component 123 can maintaina search index that can be updated based on the search results providedby the applications 116.

Once the search interface component 123 obtains search results for asearch query, the search interface component 123 can provide the searchresults to the search component 119. Thus, for examples in which theapplications 116 provide search results to the search interfacecomponent 123, the search interface component 123 can forward the searchresults to the search component 119. For examples in which the searchinterface component 123 generates the search results based on a searchindex, the search interface component 123 can provide the generatedsearch results to the search component 119.

The search interface component 123 can also cache search results thatthe applications 116 can provide or that the search interface component123 can generate. In these examples, the once the search interfacecomponent 123 obtains a search result, the search interface component123 can store the search result in a cache in which the search result isstored for a configurable amount of time. If the search component 119submits a search query that is the same or similar to the search queryfor a cached search result, the search interface component 123 canretrieve the cached search result and provide the cached search resultto the search component 119. By providing the search component 119 withcached search results, the search interface component 123 can avoidperforming the steps required to generate or request a new searchresult.

After the search interface component 123 provides search results to thesearch component 119, the search component 119 can render the searchresults for presentation to a user of the client device 106. A renderedsearch result can represent various information associated with thesearch result. For example, the rendered search result can identify theparticular application content 126 that corresponds to the search resultas well as the particular application 116 to which the applicationcontent 126 corresponds. The rendered search result can representmetadata for the application content 126 that corresponds to the searchresult, such as a file's name, creator, and creation date. The renderedsearch result can also include information that can facilitate a userdetermining whether the user wants to retrieve the application content126 that corresponds to the search result. For example, the renderedsearch result can include a preview or a brief summary of thecorresponding application content 126.

A user of the client device 106 can use the search component 119 toselect one or more of the search results and request to access thecorresponding data. Upon receiving the user's selection, the searchinterface component 123 can notify the search interface component 123that the user requests to access the corresponding application content126.

After the search interface component 123 receives notification that theuser requested to access the application content 126, the searchinterface component 123 can provide the user with the requestedapplication content 126. The search component 119 can also provide thesearch interface component 123 with a communication key, so that thesearch interface component 123 can determine whether the searchcomponent 119 is authorized to access the requested application content126. In some examples, in response to receiving a request from thesearch component 119 to access particular application content 126, thesearch interface component 123 can cause the application 116 thatcorresponds to the application content 126 to become active and instructthe application 116 to open the corresponding application content 126.For instance, if the user requested to access a file in the firstapplication content 126, the search interface component 123 can causethe first application 116 a to become active and to open the specifiedfile.

In an alternative approach, when the search interface component 123receives a notification that the user requests to access applicationcontent 126 corresponding to a search result, the search interfacecomponent 123 can request the corresponding application 116 to providethe application content 126 to the search interface component 123 andthen transfer the application content 126 to the search component 119.For example, if the search component 119 notifies the search interfacecomponent 123 that the user requests to access first application content126 a, the search interface component 123 can request the firstapplication 116 a to provide the first application content 126 a to thesearch interface component 123. After the search interface component 123receives the requested first application content 126 a from the firstapplication 116 a, the search interface component 123 can transfer thereceived first application content 126 a to the search component 119.

In some examples in which the search interface component 123 transfersthe requested application content 126 to the search component 119, thesearch interface component 123 can also cache the application content126 for later use. In these examples, the search interface component 123can store the retrieved application content 126 in a cache for aconfigurable amount of time. If the search component 119 submits asubsequent request for the same application content 126, the searchinterface component 123 can retrieve the application content 126 fromthe cache and provide the application content 126 to the searchcomponent 119. In this way, the search interface component 123 canreduce the amount of time and computing resources required to providethe search component 119 with the requested application content 126.

In some examples, the search interface component 123 can also extractinformation from the retrieved application content 126 for variouspurposes. For example, the search interface component 123 can determinethat application content 126 indicates that the user of the clientdevice 106 is scheduled to attend an event. Using this information, thesearch interface component 123 can set reminders for the event andgenerate alerts that remind the user of the scheduled event.

When the search interface component 123 receives a search query from thesearch component 119, the search interface component 123 can alsoinitiate a web search for web site content, including third-party website content, that corresponds to the search query. To this end, thesearch interface component 123 can communicate with a web page searchengine though an application program interface (API). In variousexamples, the search engine can be an enterprise search engine operatedby the management service 113 or a third-party search engine that is notoperated by the management service 113. Using the API, the searchinterface component 123 can request the search engine to provide searchresults that correspond to the search query. When the search interfacecomponent 123 receives search results from the web page search engine,the search interface component 123 can provide the search component 119with the received search results along with the search results based onthe application content 126.

In some examples, devices that are in communication with the managementservice 113 through the network 109 can search for application content126 stored in the client data store 115. To this end, the managementservice 113 can include a messaging server that can relay messagesbetween the client device 106 and other devices. A device enrolled withservice through the management service 113 can include a searchcomponent 119 that can cause the client device 106 to transmit a messageto the messaging server to request the search interface component 123 toperform a search. The message transmitted by the device can include apayload that specifies that the message includes the search query, adestination identifier that represents the client device 106, and astring that represents the search query.

When the messaging server receives the message, the messaging server candetermine that the message is intended for the client device 106 basedon the destination identifier included in the payload of the message.Upon identifying the client device 106, the messaging server can forwardthe message to the client device 106.

When the client device 106 receives the message from the messagingserver, the client device 106 can provide the message to the searchinterface component 123, which can perform a search using one or more ofthe approaches described above to generate search results. The searchinterface component 123 can then transmit the search results to themessaging server. In particular, the search interface component 123 cantransmit a message that includes a payload that specifies that themessage includes search results, a destination identifier thatrepresents the device that submitted the search query, and data thatrepresents the search results.

Once the messaging server receives the message that includes the searchresults, the messaging server can parse the message and extract thedestination identifier that represents the device that submitted thesearch query. After the messaging server identifies the device thatsubmitted the search query, the messaging server can transmit the searchresult to search component 119 in the identified device. The device canthen request and receive application content 126 for a selected searchresult using the messaging protocol described above. Thus, a device incommunication with the management service 113 through the network 109can search for and retrieve application content 126 stored in the clientdevice 106. Additionally, a device can search for application content126 in a group of client devices 106 by transmitting a message to themanagement service 113 with a payload the identifies the group of theclient devices 106.

In other examples, a device can include a search component 119 that cancommunicate with the client device 106 through other communicationprotocols, such as a peer-to-peer protocol. In these examples, thesearch component 119 can cause the device to transmit a search query tothe client device 106 through the network 109 without communicating withthe management system 113. The search interface component 123 canreceive the search query and perform a search using one or more of theapproaches described above. The search interface component 123 can thentransmit search results to the search component 119 in the remote devicethrough the network 109 without the search results being relayed throughthe management system 113.

With reference to FIG. 2, shown is a flowchart that provides an exampleof a portion of the operation of the search component 119. Inparticular, FIG. 2 provides an example of the search component 119providing a search query to the search interface component 123 andobtaining search results. The flowchart of FIG. 2 can be viewed asdepicting an example of a method implemented in the client device 106.

Beginning with step 203, the search component 119 can obtain a searchquery from a user of the client device 106. In some examples, the searchquery can include a string of characters. For example, a user can inputthe text string of “safety presentations” in a user interface generatedby the search component 119.

As shown at step 206, the search component 119 can then provide thereceived search query to the search interface component 123. Asdescribed above, the operating system of the client device 106 canenforce a permissions-based security model for the search interfacecomponent 123, and the search component 119 and the search interfacecomponent 123 can have the same permissions. Accordingly, the operatingsystem can allow the search component 119 and the search interfacecomponent 123 to communicate with each other and transfer data betweenthe components.

At step 209, the search component 119 can provide a communication key tothe search interface component 123. As discussed above, the searchinterface component 123 can authenticate the communication key todetermine whether the search interface component 123 is authorized toperform a search on behalf of the search component 119.

As indicated at step 213, the search component 119 can then obtain oneor more search results from the search interface component 123. Thesearch results can represent application content 126 that corresponds tothe search result. For example, the search result can identify theparticular application content 126 as well as the application 116 towhich the application content 126 corresponds. The search result canalso represent metadata for the application 116, such as a file's name,creator, and creation data. Thereafter, the process ends.

With reference to FIGS. 3A-3B, shown is a flowchart that provides anexample of a portion of the operation of the search interface component123. In particular, FIGS. 3A-3B provide an example of the searchinterface component 123 receiving a search query from the searchcomponent 119 and providing the search component 119 with searchresults. The flowchart of FIGS. 3A-3B can be viewed as depicting anexample of a method implemented in the client device 106.

Beginning with step 303, the search interface component 123 can obtain asearch query from the search component 119. The search query in someexamples can include a string of text that the user of the client device106 input into the search component 119.

At step 306, the search interface component 123 can then determinewhether the search interface component 123 obtained a communication keyfrom the search component 119. The communication key can indicate thatthe search interface component 123 is authorized to perform search atthe request of the search component 119. In some examples, thecommunication key can be seeded in the search component 119 when thesearch component 119 is made into a managed component through the SDK orwrapping processes described above.

If the search interface component 123 did not obtain the communicationkey, the search interface component 123 can move to step 309 and denythe search request made by the search component 119. Otherwise, if thesearch interface component 123 did obtain a communication key, thesearch interface component 123 can move to step 313 and determinewhether the received communication key is authentic. If thecommunication key is not authentic, the search interface component 123can move to step 309 and deny the search request made by the searchcomponent 119.

If the communication key is authentic, the search interface component123 can move to step 316. As indicated at step 316, the search interfacecomponent 123 can request the first application 116 a to search forfirst application content that corresponds to the search query.Similarly, the search interface component 123 can request the secondapplication 116 b to search for second application content 126 b thatcorresponds to the search query, as shown at step 319. In addition, thesearch interface component 123 can request the third application 116 cto search for third application content 126 c that corresponds to thesearch query, as indicated at step 323.

As shown at step 326, the search interface component 123 can then obtainone or more search results from the first application 116 a, the secondapplication 116 b, and the third application 116 c. The search resultscan represent application content 126 that corresponds to the searchresult. For example, the search result can identify the particularapplication content 126 as well as the application 116 to which theapplication content 126 corresponds. The search result can alsorepresent metadata for the application 116, such as a file's name,creator, and creation data. The search interface component 123 can thenmove to step 329, which is shown in FIG. 3B. At step 329, the searchinterface component 123 can provide the received search results to thesearch component 119.

Then, as shown at step 333, the search interface component 123 can thendetermine whether the user of the client device 106 has selected one ofthe search results. To determine whether the user of the client device106 has selected one of the search results, the search interfacecomponent 123 can determine whether the search interface component 123has received a notification from the search component 119 that the userselected on of the search results. For example, the search component 119can notify the search interface component 123 that the user selected aparticular search result along with information that identifies thesearch result as well as the application content 126 that corresponds tothe search result. If a user did not select a search result, the processends.

Otherwise, if the user selected a search result, the search interfacecomponent 123 can move to step 336 and retrieve the application content126 that corresponds to the selected search result. In some examples,the search interface component 123 can retrieve the specifiedapplication content 126 by requesting the corresponding application 116to transfer the application content 126 to the search interfacecomponent 123. In other examples, the search interface component 123 canaccess the client data store 115 to retrieve the application content126.

After the search interface component 123 has obtained the applicationcontent 126, the search interface component 123 can move to step 339 andprovide the retrieved content to the search component 119. Inalternative examples, instead of retrieving the application content 126and providing the application content 126 to the search component 119,the search interface component 123 can cause the application 116 for theapplication content 126 to become active in the client device 106. Inaddition, the search interface component 123 can instruct theapplication 116 to open the application content 126 that corresponds tothe selected search result. Thereafter, the process ends.

With reference to FIGS. 4A-4B, shown is a flowchart that providesanother example of a portion of the operation of the search interfacecomponent 123. In particular, FIGS. 4A-4B provide another example of thesearch interface component 123 receiving a search query from the searchcomponent 119 and providing the search component 119 with searchresults. The flowchart of FIGS. 4A-4B can be viewed as depicting anexample of a method implemented in the client device 106.

Beginning with step 403, the search interface component 123 can obtain asearch query from the search component 119. The search query can includea string of text that the user of the client device 106 input into thesearch component 119.

At step 406, the search interface component 123 can then determinewhether the search interface component 123 obtained a communication keyfrom the search component 119. The communication key can indicate thatthe search interface component 123 is authorized to perform a search atthe request of the search component 119. In some examples, thecommunication key can be seeded in the search component 119 when thesearch component 119 is made into a managed component through the SDK orwrapping processes described above.

If the search interface component 123 did not obtain the communicationkey, the search interface component 123 can move to step 409 and denythe search request made by the search component 119. Otherwise, if thesearch interface component 123 did obtain a communication key, thesearch interface component 123 can move to step 413 and determinewhether the received communication key is authentic. If thecommunication key is not authentic, the search interface component 123can move to step 409 and deny the search request made by the searchcomponent 119.

If the communication key is authentic, the search interface component123 can move to step 416. As indicated at step 416, the search interfacecomponent 123 can search an index for first application content 126 a,second application content 126 b, and third application content 126 cthat corresponds to the search query. As described above, the searchindex can be generated by the search interface component 123periodically crawling the application content 126 in the client datastore 115. In addition, the search index can be populated by recordinginformation retrieved if the applications 116 provide the searchinterface component 123 with search results.

The search interface component 123 can then move to step 419, which isshown in FIG. 4B. As shown at step 419, the search interface component123 can then generate and provide search results to the search component119. The search results can identify the particular application content126 that corresponds to the search query. In addition, the searchresults can identify the applications 116 to which the applicationcontent 126 correspond. The search result can also represent metadatafor the application 116, such as a file's name, creator, and creationdata.

Then, as shown at step 423, the search interface component 123 can thendetermine whether the user of the client device 106 has selected one ofthe search results. To this end, the search component 119 can notify thesearch interface component 123 that the user selected a particularsearch result. If a user did not select a search result, the processends.

Otherwise, if the user selected a search result, the search interfacecomponent 123 can move to step 426 and retrieve the application content126 that corresponds to the selected search result. In some examples,the search interface component 123 can retrieve the specifiedapplication content 126 by requesting the corresponding application 116to transfer the application content 126 to the search interfacecomponent 123. In other examples, the search interface component 123 canaccess the client data store 115 to retrieve the application content126.

After the search interface component 123 has obtained the applicationcontent 126, the search interface component 123 can move to step 429 andprovide the retrieved content to the search component 119. Inalternative examples, instead of retrieving the application content 126and providing the application content 126 to the search component 119,the search interface component 123 can cause the application 116 for theapplication content 126 to become active in the client device 106. Inaddition, the search interface component 123 can instruct theapplication 116 to open the application content 126 that corresponds tothe selected search result. Thereafter, the process ends.

The flowcharts of FIGS. 2, 3A-3B, and 4A-4B show examples of thefunctionality and operation of implementations of components describedherein. The components of the networked environment 100 described hereincan be embodied in hardware, software, or a combination of hardware andsoftware. If embodied in software, each step in the flowcharts of FIGS.2, 3A-3B, and 4A-4B can represent a module or a portion of code thatincludes computer instructions to implement the specified logicalfunctions. The computer instructions can include source code thatcomprises human-readable statements written in a programming language ormachine code that comprises machine instructions recognizable by asuitable execution system, such as a processor in a computer system. Ifembodied in hardware, each step can represent a circuit or a number ofinterconnected circuits that implement the specified logical functions.

Although the flowcharts show a specific order of execution, the order ofexecution can differ from that which is shown. For example, the order ofexecution of two or more steps can be switched relative to the ordershown. Also, two or more steps shown in succession can be executedconcurrently or with partial concurrence. Further, in some examples, oneor more of the steps shown in the flowcharts can be skipped or omitted.In addition, any number of counters, state variables, warningsemaphores, or messages can be added to the logical flow describedherein, for purposes of enhanced utility, accounting, performancemeasurement, or troubleshooting aid.

The enterprise computing environment 103 and client device 106 describedherein can include at least one processing circuit. Such a processingcircuit can include one or more processors and one or more storagedevices that are coupled to a local interface. The local interface caninclude a data bus with an accompanying address/control bus.

A storage device for a processing circuit can store data and componentsthat are executable by the one or more processors of the processingcircuit. In some examples, portions of the management service 113, thesearch component 119, the search interface component 123, and theapplications 116 can be stored in one or more storage devices and beexecutable by one or more processors. Also, the client data store 115can be located in the one or more storage devices.

The management service 113, the search component 119, the searchinterface component 123, and the applications 116 can be embodied in theform of hardware, as software components that are executable byhardware, or as a combination of software and hardware. If embodied ashardware, the components described herein can be implemented as acircuit or state machine that employs any suitable hardware technology.Such hardware technology includes, for example, microprocessors,discrete logic circuits having logic gates for implementing variouslogic functions upon an application of one or more data signals,application specific integrated circuits (ASICs) having appropriatelogic gates, or programmable logic devices, such as field-programmablegate array (FPGAs) and complex programmable logic devices (CPLDs).

Also, one or more or more of the components described herein thatinclude software or computer instructions can be embodied in anynon-transitory computer-readable medium for use by or in connection withan instruction execution system such as, for example, a processor in acomputer system or other system. Such a computer-readable medium cancontain, store, and maintain the software or computer instructions foruse by or in connection with the instruction execution system.

A computer-readable medium can comprise a physical media, such as,magnetic, optical, semiconductor, or other suitable media. Examples of asuitable computer-readable media include solid-state drives, magneticdrives, flash memory, and storage discs, such as compact discs (CDs).Further, any logic or component described herein can be implemented andstructured in a variety of ways. For example, one or more componentsdescribed can be implemented as modules or components of a singleapplication. Further, one or more components described herein can beexecuted in one computing device or by using multiple computing devices.

The examples described above are merely examples of implementations toset forth for a clear understanding of the principles of the disclosure.Many variations and modifications can be made to the examples describedabove without departing substantially from the spirit and principles ofthe disclosure. All such modifications and variations are intended to beincluded herein within the scope of this disclosure.

Therefore, the following is claimed:
 1. A system, comprising: acomputing device; and a search interface component executable by thecomputing device, wherein the search interface component, when executedby the computing device, is configured to cause the computing device toat least: determine that a communication key has been obtained in thesearch interface component; determine that the communication key isauthentic; in response to determining that the communication key hasbeen obtained and the communication key is authentic: obtain a searchquery from a search component; search for first application content thatcorresponds to the search query, wherein the first application contentis secured by a first sandbox for a first application; search for secondapplication content that corresponds to the search query, wherein thesecond application content is secured by a second sandbox for a secondapplication; and provide at least one search result to the searchcomponent, wherein the at least one search result is based on at leastone of the first application content that corresponds to the searchquery or the second application content that corresponds to the searchquery.
 2. A non-transitory computer-readable medium storing a pluralityof computer instructions executable by a computing device, the pluralityof computer instructions being configured to cause the computing deviceto at least: determine that a communication key has been obtained in thesearch interface component; determine that the communication key isauthentic; in response to determining that the communication key hasbeen obtained and the communication key is authentic: obtain a searchquery from a search component; search for first application content thatcorresponds to the search query, wherein the first application contentis secured by a first sandbox for a first application; search for secondapplication content that corresponds to the search query, wherein thesecond application content is secured by a second sandbox for a secondapplication; and provide at least one search result to the searchcomponent, wherein the at least one search result is based on at leastone of the first application content that corresponds to the searchquery or the second application content that corresponds to the searchquery.
 3. A method, comprising: installing a search interface componentin a computing device; determine that a communication key has beenobtained in the search interface component; determine that thecommunication key is authentic; in response to determining that thecommunication key has been obtained and the communication key isauthentic, obtaining, by the search interface component, a search queryfrom a search component; searching, by the search interface component,for first application content that corresponds to the search query,wherein the first application content is secured by a first sandbox fora first application; searching for second application content thatcorresponds to the search query, wherein the second application contentis secured by a second sandbox for a second application; and providing,by the search interface component, at least one search result to thesearch component, wherein the at least one search result is based on atleast one of the first application content that corresponds to thesearch query or the second application content that corresponds to thesearch query.
 4. The system of claim 1, wherein access to the firstapplication content and the second application content is restrictedbased on a signature-based permission model; wherein the searchinterface component is signed with a certificate key; wherein the firstapplication is signed with the certificate key; wherein the secondapplication is signed with the certificate key; and wherein thecomponent is not signed with the certificate key.
 5. The system of claim1, wherein the search component comprises an application installed inthe computing device.
 6. The system of claim 1, wherein the searchcomponent comprises a management system that communicates with thecomputing device through a network.
 7. The system of claim 6, whereinthe search interface component is further configured to cause thecomputing device to at least transmit a message to the managementsystem, and wherein a payload of the message comprises: the at least onesearch result; and a destination identifier that identifies a devicethat generated the search query.
 8. The system of claim 1, wherein thesearch component comprises a component in a peer computing device thatis configured to communicate with the computing device through anetwork.
 9. A non-transitory computer-readable medium storing aplurality of computer instructions executable by a computing device, theplurality of computer instructions being configured to cause thecomputing device to at least: obtain a search query from a searchcomponent; search for first application content that corresponds to thesearch query, wherein the first application content is associated with afirst sandbox for a first application; search for second applicationcontent that corresponds to the search query, wherein the secondapplication content is associated with a second sandbox for a secondapplication; and provide at least one search result to the searchcomponent, wherein the at least one search result is based on at leastone of the first application content that corresponds to the searchquery or the second application content that corresponds to the searchquery.
 10. The non-transitory computer-readable medium of claim 9,wherein the plurality of computer instructions are further configured tocause the computing device to at least: request the first application tosearch for the first application that corresponds to the search query;and request the second application to search for the second applicationcontent that corresponds to the search query.
 11. The non-transitorycomputer-readable medium of claim 9, wherein the plurality of computerinstructions are further configured to cause the computing device to atleast: generate a search index representing content associated with thefirst application and the second application; search the search indexfor the first application content that corresponds to the search query;and search the search index for the second application content thatcorresponds to the search query.
 12. The non-transitorycomputer-readable medium of claim 9, wherein the plurality of computerinstructions are further configured to cause the computing device to atleast restrict access to the first application content and the secondapplication content based on a signature-based permission model; whereinthe first application is signed with a certificate key; wherein thesecond application is signed with the certificate key; and wherein thecomponent is not signed with the certificate key.
 13. The non-transitorycomputer-readable medium of claim 9, wherein the plurality of computerinstructions are further configured to cause the computing device to atleast cause the computing device to at least receive the search queryfrom an application installed in the computing device.
 14. Thenon-transitory computer-readable medium of claim 9, wherein theplurality of computer instructions are further configured to cause thecomputing device to at least receive the search query from a managementsystem that manages the computing device through a network.
 15. Thenon-transitory computer-readable medium of claim 14, wherein theplurality of computer instructions are further configured to cause thecomputing device to at least transmit a message to the managementsystem, and wherein a payload of the message comprises: the at least onesearch result; and a destination identifier that identifies a devicethat generated the search query.
 16. A method, comprising: installing asearch interface component in a computing device; obtaining, by thesearch interface component, a search query from a search component;searching, by the search interface component, for first applicationcontent that corresponds to the search query, wherein the firstapplication content is associated with a first sandbox for a firstapplication; searching for second application content that correspondsto the search query, wherein the second application content isassociated with a second sandbox for a second application; andproviding, by the search interface component, at least one search resultto the search component, wherein the at least one search result is basedon at least one of the first application content that corresponds to thesearch query or the second application content that corresponds to thesearch query.
 17. The method of claim 16, further comprising:requesting, by the search interface component, the first application tosearch for the first application content that corresponds to the searchquery; and requesting, by the search interface component, the secondapplication to search for the second application content thatcorresponds to the search query.
 18. The method of claim 16, furthercomprising: generating a search index representing content associatedwith the first application and the second application; searching, by thesearch interface component, the search index for the first applicationcontent that corresponds to the search query; and searching, by thesearch interface component, the search index for the second applicationcontent that corresponds to the search query.
 19. The method of claim16, wherein access to the first application content and the secondapplication content is restricted based on a signature-based permissionmodel; wherein the search interface component is signed with acertificate key; wherein the first application is signed based with thecertificate key; wherein the second application is signed with thecertificate key; and wherein the component is not signed with thecertificate key.
 20. The method of claim 16, further comprisingreceiving the search query from a management system that is incommunication with the computing device through a network.